Necurs Botnet is Alive Following Three Weeks of Quiet

A botnet comprising many compromised PCs which everyone thought had gone offline is back alive distributing spam mails to its victims while infecting them with ransomware.

It seemed that on 1st June the network of bot-infected PCs called Necurs stopped sending spam traffic. Necurs was responsible for Locky ransomware's primary proliferation that made PCs or their data inaccessible to users until they paid a specified ransom to the hackers.

When Necurs shut down, its impact became evident instantly, while security researchers observed certain decline in junk electronic mails serving Locky. Surprisingly, distribution of junk e-mails delivering Dridex the banker Trojan too slowed down that incited curiosity since Dridex corresponded to a different botnet.

Specialists can't figure out why traffic from Necurs paused but subsequently resumed. One initial explanation is that this botnet's attacks had an association with many Russian hackers who were arrested; nevertheless, those hackers understandably didn't use Necurs.

To describe Necurs, it's a botnet, an amalgamation of hijacked PCs executing coordinated tasks. Thehill.com posted this, June 21, 2016.

It was on June 19 that Necurs revived with the botnet's operators establishing fresh command-and-control servers, while soon numerous bots began linking up with the new infrastructures.

Elaborating the development MalwareTech says given that bots won't halt polling DGA till one command-and-control server issues a response that's digitally signed is indicative that that the botnet is wholly under the botmasters' control, alternatively some other person has acquired the decryption code.

Sens. Sheldon Whitehouse (D-R.I.) and Lindsey Graham (R-S.C.) have again and again introduced laws for ending botnets. However, these laws, worry civil liberty factions, authorize officials of law enforcement towards hacking the bot-contaminated PCs devoid of letting their owners know about it, while rest upon obsolete laws for enforcement.

Further according to MalwareTech, Necurs operators during each fresh campaign began using one new collection of unidentified Locky strains; therefore the current revival appears as though Necurs operators simply pressed the button for pause-and-resume related to some previous campaign.

It maybe noted, the revived Necurs doesn't show any fresh 'Dridex' alternatively 'Locky' malicious programs; so the purpose of these botmasters isn't clear as yet.

» SPAMfighter News - 6/28/2016